Kustvakt now requires absolute redirect URIs
Change-Id: I034a68abfca6f0367dd3972362d3fa84311774d0
diff --git a/Changes b/Changes
index 7a72374..5c809a8 100755
--- a/Changes
+++ b/Changes
@@ -6,6 +6,8 @@
environments (fixes #197). (diewald)
- Require at least conllu2korapxml v0.6.1. (diewald)
- Improve redirection on all authorization calls. (diewald)
+ - Redirect-URIs are required to be absolute
+ by newer versions of Kustvakt. (diewald)
0.49 2023-02-23
- Introduce conllu2korapxml command via plugin. (diewald)
diff --git a/lib/Kalamar.pm b/lib/Kalamar.pm
index 98a3299..d6623d5 100644
--- a/lib/Kalamar.pm
+++ b/lib/Kalamar.pm
@@ -169,10 +169,14 @@
$self->hook(
before_dispatch => sub {
my $c = shift;
- if (my $host = $c->req->headers->header('X-Forwarded-Host')) {
+ my $h = $c->req->headers;
+ if (my $host = $h->header('X-Forwarded-Host')) {
+
+ my $proto = $h->header('X-Forwarded-Proto') // ($conf->{https_only} ? 'https' : undef);
+
foreach ($c->req->url->base) {
$_->host($host);
- $_->scheme(undef);
+ $_->scheme($proto);
$_->port(undef);
};
};
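Review bot: The new `$proto` line lets a request-supplied `X-Forwarded-Proto` take precedence over `https_only`, because `//` falls back to the config only when the header is absent, and the header value reaches `scheme()` without a check that it is `http` or `https`. Since the `to_abs` call added in lib/Kalamar/Plugin/Auth.pm now builds the OAuth redirect URI from this base URL, both forwarded headers feed a security-relevant value and should be honoured only when they are set by a trusted reverse proxy; whether that is enforced is not visible in this hunk. I would let the config win and validate the header, e.g. `my $proto = $conf->{https_only} ? 'https' : $h->header('X-Forwarded-Proto');` followed by `$proto = undef unless defined $proto && $proto =~ /\A https? \z/xi;`. A short comment above the hook saying that the deployment must strip or overwrite client-sent `X-Forwarded-*` headers would also help the next maintainer. The code enclosing the `before_dispatch` hook starts and ends outside the hunk.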
diff --git a/lib/Kalamar/Plugin/Auth.pm b/lib/Kalamar/Plugin/Auth.pm
index e65972b..4cc2a9e 100644
--- a/lib/Kalamar/Plugin/Auth.pm
+++ b/lib/Kalamar/Plugin/Auth.pm
@@ -1624,7 +1624,7 @@
# Get authorization token
my $client_id = $c->stash('client_id');
my $name = $v->param('name');
- my $redirect_url = $c->url_for->query({name => $name});
+ my $redirect_url = $c->url_for->query({name => $name})->to_abs;
$c->auth->new_token_p(
client_id => $client_id,